Today, website visitors are mostly identified via cookies containing a unique ID. A cookie is text (e.g., a name-value pair) stored on a user device by a web browser. The cookie is initially sent to the browser from a web server. The cookie is saved on the user device by the browser. Then, the cookie may be sent back to the web server, unchanged, from the browser each time the browser accesses the website on the web server. A cookie is commonly used for authentication, storing site preferences, storing shopping cart contents, and tracking.
For example, in the case of a shopping cart, a web server sends a cookie containing a unique session ID. The browser sends back that session ID and an indication of items placed in the shopping cart by the user. The web server stores the items with the session ID. The user may leave the website without checking out the items in the shopping cart. If the user returns to the web site, the browser sends the cookie to the web server. Then, the web server can retrieve the items in the shopping cart associated with the cookie and previous session ID, and these items may be displayed to the user. In the case of tracking, every time a page from a website is requested, the web server stores the uniform resource locator (URL) of the requested page, the date and time of the request, and the cookie in a log file so a list of accessed pages and sequence of accessing pages can be determined for each cookie.
While the use of cookies is a universally accepted practice, there are limitations. According to the standard for cookies promulgated by the Internet Engineering Task Force (IETF) (i.e., RFC2109), cookies are sent only to the server setting them or to the server in the same Internet domain. For example, an online shopping website at abc.com may install a cookie on a user device, such as a user's laptop or cell phone. However, the online shopping website may send a user to a product manufacturer's website yyy.com in a different domain (which is identified by a different domain name) after the user has selected the product from the online shopping website. The website yyy.com can no longer use the cookie installed on the user device by abc.com because yyy.com is in a different domain. This may be a problem if yyy.com wants to maintain user settings or preferences or shopping cart items associated with the cookie sent by abc.com. Another limitation of cookies is that some users block cookies, especially third party cookies, due to privacy concerns. Also, increasingly browsers are treating cookies as ‘session cookies’, which may be deleted after the browser is closed, regardless of whether the cookies have been defined with a specific expiration date. Thus, cookies may not be usable for tracking across different domains, maintaining user preferences across different domains, and maintaining shopping cart items across different domains.